dc.description.abstract | Given the incorporation of a communication network into the traditional
power grid, the smart grid is equipped with devices that provide sensing,
measurement, and control. This gives the smart grid numerous advantages
over the traditional power grid. However, the smart grid has a risk of cyber
attacks which can result in failures of critical systems. Understanding
the threats to the smart grid is paramount in ensuring adequate security.
This thesis aims at identifying the attacks that can be used in compromising
the smart grid as well as security modeling techniques that
aid in identifying and presenting the security risks. It first reviews existing
literature on security modeling techniques that aid in security risk
analysis and compare the techniques so as to evaluate its applicability
to the smart grid. A demonstration of the efficacy of using a modeling
technique in identifying risks in the Advanced Metering Infrastructure
(AMI) network of the smart grid. Finally, an attack tree is presented
which provides an overview of attacks against smart grid obtained from
literature.
A review of 84 relevant papers is done to identify the attacks against the
smart grid in order to create an attack tree which gives an overview of
how security requirements can be compromised. Furthermore, another
26 relevant papers are reviewed to identify modeling techniques that can
be used in security analyses. This is followed by an evaluation of the
identified techniques based on four groupings: asset identification, risk
identification, risk evaluation, and mitigation steps. Lastly, a demonstration
of how Consultative Objective Risk Analysis System (CORAS)
can be used in identifying and understanding the security risks in the
smart grid is done. The application of CORAS shows how effective it is
in helping to achieve the research objectives of this thesis. Lastly, the
attack tree revealed how individual attacks stack up in compromising the
major security requirements.
The results of the review give insights as to directions for future work
and improvements: (i) It is important to extend the CORAS application
evaluate the risks identified in this thesis and document mitigation steps
by first performing research on formalizing evaluation criteria for the risks
(ii) It is paramount to perform develop formal assessment criteria for all
security modeling techniques to assess the strengths and short-comings
of each of the techniques. | |